How do i create event monitoring rule in SCOM 2007

How to Create a Simple Windows Event Unit Monitor in Operations Manager 2007
Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1
Event unit monitors in Microsoft Windows can be one of three types: manual reset, timer reset, and Windows event reset.
A manual reset monitor changes the health state of the monitor to unhealthy when a specified event is generated. The monitor health state must be reset manually to return the monitor state to healthy.
A timer reset monitor changes the health state of the monitor to unhealthy when a specified event is generated. After a period of time that you specify, the health state returns to healthy and remains there until the specified event is again generated. The period of time that you can specify can range from one second or to 24,855 days.
A Windows event reset type of unit monitor detects two events: the first event changes the state of the monitor to unhealthy and the second event changes the state of the monitor to healthy.
Use the following procedure to create a Windows event reset unit monitor.
To create a simple Windows event reset unit monitor

1. Log on to the computer with an account that is a member of the Operations Manager Administrators user role or Operations Manager Authors user role for the Operations Manager 2007 management group.
2. In the Operations console, click the Authoring button.
3. In the Authoring pane, expand Authoring, expand Management Pack Objects, and then click Monitors.
4. Click Change Scope.
5. In the Scope Management Pack Objects dialog box, in the Find text box, type Windows Computer, select the Windows Computer target check box, and then click OK.
6. In the Monitors pane, expand Windows Computer, expand Entity Health, right-click Availability, point to Create a monitor, and then click Unit Monitor.
7. In the Create Monitor Wizard, on the Select a Monitor Type page, expand Windows Events, expand Simple Event Detection, click Windows Event Reset, and then click Next.
8. On the General Properties page, in the Name box, type a name for the Windows event unit monitor, and then as an option, you can type a description.
9. In the Parent monitor list, click the appropriate parent monitor, and then click Next.
10. On the Event Log Name page (for the unhealthy event), under Log name, click the (…) button.
11. On the Select event log page, under Computer, click the (…) button or type the name of the computer, click one of the available event logs, and then click OK.
12. On the Event Log Name page, click Next.
13. On the Build Event Expression page (for Unhealthy Event), set Event ID equal to the Windows Event ID that you want to monitor, such as 100. Set Event Source equal to the source of the event, such as EventCreate, and then click Next.
14. On the Event Log Name page (for Healthy Event), under Log name, click the (…) button.
15. On the Select Event Log page, under Computer, click the (…) button or type the name of the computer, click one of the available event logs, and then click OK.
16. On the Event Log Name page, click Next.
17. On the Build Event Expression page (for Healthy Event), set Event ID equal to the Windows Event ID that you want to monitor, set Event Source equal to the source of the event, and then click Next.
18. On the Configure Health page, do the following:
    1. For the FirstEventRaised row, click the name in the Operational State column and type a new name for this event, click health state in the Health State column, and then click Critical or Warning.
    2. For the SecondEventRaised row, click the name in the Operational State column and type a new name for this event, click health state in the Health State column, and then click Healthy.
    3. Click Next.
19. On the Configure Alerts page, use the default settings or select the Generate alerts for this monitor checkbox to set custom properties for the alert, and then click Create.